Nefarious Plastic Mannequins
Severity: critical

Command Injection

apex-publish-static-files

Overview

Versions of apex-publish-static-files before 2.0.1 are vulnerable to command injection. This is exploitable if user input is passed into the connectString option in the publish method.

Remediation

Update to version 2.0.1 or later.

Advisory timeline

  1. Created

    2018-11-01T14:09:00.603Z
  2. Updated

    2018-11-01T14:09:00.603Z